
fix(output): normalize severity values to prevent HTML report failure #4786

Open: wants to merge 3 commits into base main
Conversation

JigyasuRajput
Contributor

@JigyasuRajput JigyasuRajput commented Feb 8, 2025

Description

Fixes #4392 where the HTML report generator fails due to unexpected severity values like "HIGH-EXPLOIT". The error occurs because the severity key is not recognized in SEVERITY_TYPES_COLOR, leading to a KeyError.

Solution

  • Introduced a normalize_severity() function to standardize severity values before processing.
  • The function converts severities to uppercase and ensures that values with prefixes (e.g., "HIGH-EXPLOIT") are mapped to their base severities ("HIGH").
  • Updated occurrences where severity values are used:
    • Normalized severity before incrementing cve_severity counters.
    • Applied normalization while analyzing cve_data["cves"].

Previously, this failed due to an unknown severity. With this fix, it now processes correctly.

Testing

  • Unit Tests: Added a test case for normalize_severity() with various input formats (e.g., "HIGH-EXPLOIT", "critical-risk", "something-else").
  • Integration Test: Verified that an HTML report with non-standard severity values is generated correctly without errors.
  • Manually tested with severities like "HIGH-EXPLOIT", "CRITICAL-RISK", and "LOW-VULNERABILITY".
  • Verified that the HTML report is generated successfully without errors.
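The normalization this PR describes, written out as an added example (not the PR's diff or the project's own code): the set of base severities, the contents of SEVERITY_TYPES_COLOR and the fallback of unrecognised values such as "something-else" to "UNKNOWN" are assumptions made here, not taken from the page.

```python
from collections import Counter

# Constructed stand-in for the project's SEVERITY_TYPES_COLOR table;
# keys are assumed to be the base severities only, which is exactly why
# a raw "HIGH-EXPLOIT" lookup raised KeyError before the fix.
SEVERITY_TYPES_COLOR = {
    "CRITICAL": "#ff0000",
    "HIGH": "#ff6600",
    "MEDIUM": "#ffcc00",
    "LOW": "#00cc00",
    "UNKNOWN": "#999999",
}

BASE_SEVERITIES = ("CRITICAL", "HIGH", "MEDIUM", "LOW", "UNKNOWN")


def normalize_severity(severity):
    """Map any severity string to one of the base severities.

    "HIGH-EXPLOIT" -> "HIGH", "critical-risk" -> "CRITICAL". A leading token
    that is not a known base severity (or an empty value) falls back to
    "UNKNOWN" (assumed fallback) so the colour lookup can never KeyError.
    """
    if not severity:
        return "UNKNOWN"
    base = str(severity).strip().upper().split("-", 1)[0]
    return base if base in BASE_SEVERITIES else "UNKNOWN"


def count_severities(cves):
    """Tally CVEs per base severity, as the report's counters would."""
    counts = Counter({s: 0 for s in BASE_SEVERITIES})
    for cve in cves:
        counts[normalize_severity(cve.get("severity"))] += 1
    return dict(counts)


def severity_colour(severity):
    """Colour lookup guarded by normalization."""
    return SEVERITY_TYPES_COLOR[normalize_severity(severity)]


# Constructed sample data shaped like cve_data["cves"]; CVE ids are placeholders.
SAMPLE_CVES = [
    {"cve_number": "CVE-0000-0001", "severity": "HIGH-EXPLOIT"},
    {"cve_number": "CVE-0000-0002", "severity": "critical-risk"},
    {"cve_number": "CVE-0000-0003", "severity": "LOW-VULNERABILITY"},
    {"cve_number": "CVE-0000-0004", "severity": "something-else"},
    {"cve_number": "CVE-0000-0005", "severity": "Medium"},
]

if __name__ == "__main__":
    print(count_severities(SAMPLE_CVES))
```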

Contributor

@terriko terriko left a comment


Thanks, this is looking good. Could you also add a test that will trigger this?

@JigyasuRajput
Contributor Author

Thanks, this is looking good. Could you also add a test that will trigger this?

Done! I've added test cases to cover severity normalization. Let me know if any changes are needed.

Successfully merging this pull request may close these issues.

bug: HTML report generator fails due to unknown severity
2 participants